Many protection technologies for personal computer (PC) systems need a mechanism to robustly identify the PC on which the application is running. This is generally accomplished by reading out device identifiers from various assets of the system, such as hardware devices (motherboard parameters, BIOS, MAC address, hard disk, CD/DVD player, graphics card, I/O controllers) that are integrated into the computer. These device identifiers are then combined into an identifier of the system. A simple way to derive the system identifier is to apply an exclusive-or (XOR) to all device identifiers.
As computer hardware parts, or other assets, change, for example through replacement or repair, a method to determine the system identifier needs to accommodate occasional changes to the device identifiers. One way of supporting hardware updates is by allowing a few device identifiers to change while still generating the same system identifier. A known way to achieve this is by recording the unique device identifiers during an initialization phase and, during the identifier calculation phase, comparing the recorded parameters with the actual parameters. If a sufficient match exists, the recorded parameters are used to calculate the system identifier.
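The following added example (not code from the original document) contrasts the plain XOR derivation with the record-and-compare scheme described above. The function names, the hashing of raw device strings to 64-bit identifiers, the 3-of-4 match threshold, and all sample values are assumptions constructed for illustration.

```python
import hashlib
from functools import reduce


def device_id(raw):
    """Map a raw device string to a 64-bit identifier (assumed encoding)."""
    return int.from_bytes(hashlib.sha256(raw.encode()).digest()[:8], "big")


def xor_system_id(device_ids):
    """Simple scheme: XOR all device identifiers into one system identifier."""
    return reduce(lambda a, b: a ^ b, device_ids.values(), 0)


def tolerant_system_id(recorded, actual, min_matches):
    """Record-and-compare scheme.

    `recorded` holds the identifiers saved during initialization and
    `actual` the identifiers read now. If at least `min_matches` slots
    agree, the identifier is computed from the *recorded* values, so it
    stays stable across small hardware changes. Returns None otherwise.
    Note that `recorded` has to be kept on the machine for this to work.
    """
    matches = sum(1 for slot, value in recorded.items()
                  if actual.get(slot) == value)
    if matches < min_matches:
        return None
    return xor_system_id(recorded)


def _ids(raw):
    return {slot: device_id(value) for slot, value in raw.items()}


# Constructed sample data: initial record, same PC after a disk swap, other PC.
RECORDED = _ids({"mac": "00:11:22:33:44:55", "disk": "DISK-SERIAL-A",
                 "bios": "BIOS-1.0", "gpu": "GPU-MODEL-X"})
AFTER_REPAIR = {**RECORDED, "disk": device_id("DISK-SERIAL-B")}
OTHER_PC = _ids({"mac": "66:77:88:99:AA:BB", "disk": "DISK-SERIAL-Z",
                 "bios": "BIOS-9.9", "gpu": "GPU-MODEL-Y"})

if __name__ == "__main__":
    print("plain XOR, original :", hex(xor_system_id(RECORDED)))
    print("plain XOR, new disk :", hex(xor_system_id(AFTER_REPAIR)))
    print("tolerant, new disk  :", tolerant_system_id(RECORDED, AFTER_REPAIR, 3))
    print("tolerant, other PC  :", tolerant_system_id(RECORDED, OTHER_PC, 3))
```

With plain XOR a single replaced disk changes the system identifier, while the tolerant scheme returns the original identifier for the repaired PC and nothing for a different machine.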
There are similar methods that derive a system identifier from a collection of contributing pieces of information that may change over time. Although based on different contributing information, such methods also need to accommodate changes to the contributing information without changing the calculated identifier. As before, the method consists of recording the contributing information and using the recorded information if there is a sufficient match between the actual information and the recorded information.
One problem with such methods is that the comparison of the recorded device identifiers with the retrieved parameters is sensitive to attacks. The presence of the recorded device identifiers is the key enabler for these attacks. It is, therefore, desirable to provide a method of generating a system identifier that is tolerant of changes in the computing environment, while being resistant to malicious attacks.